Re: Golon-A, administrator profile installed
From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 09/21/03
- Next message: N. Miller: "Re: Swen - can I stop getting the e-mails?"
- Previous message: Robert Moir: "Re: FREE full anti virus software"
- In reply to: Jojo: "Golon-A, administrator profile installed"
- Next in thread: Jojo: "Re: Golon-A, administrator profile installed"
- Reply: Jojo: "Re: Golon-A, administrator profile installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 21 Sep 2003 16:02:46 -0400
It's time to reinstall clean, I think.
This is the ultimate choice for any trojan infection, and since it is clear
that yours is still being actively exploited, you have little choice.
If you want to eke out a few more hours, install a software firewall and
don't allow in or out access to processes you can't identify.
I recommend Kerio's personal version, myself.
"Jojo" <Walkstwice@yahoo.com> wrote in message
news:01d601c38070$f8f20950$a401280a@phx.gbl...
> I recently got rid of (I hope) a new trojan, Golon-A
> (logon.exe). But I'm still having problems with z.exe,
> even though I've gotten rid of it (I hope). I'm missing
> half the driver files, dll, etc. I'm going to completely
> re-install very soon... No choice. But I've also had a lot
> of settings changed. And found a lot of evidence of remote
> use of my machine.
>
> I spent the night at my girlfriend's on Wednesday, came
> home after work on Thursday & found that my browser had
> been used to surf with. History was full of some nasty
> sites under the Wednesday heading. I'd deleted everything
> else before I left, so that was the only day in history.
>
> There was a new entry in the windows/profiles folder:
> administrator/Vorlagen. I don't know how long this has
> been going on, my system (Windows 98 2nd edition) has been
> running VERY poorly for quite a while. I'd run a lot of
> utilities to clean my system, which would help for awhile,
> then bam, it'd start all over. The only way I could surf,
> was with java & activeX disabled (they're enabled now & I
> don't like it!). I wouldn't have investigated file by file
> if Zone Alarm hadn't asked permission for logon.exe to act
> as a server... That was just last week.
>
> What brings me here, is that when I go to windows update,
> even with X & java enabled, I get a message saying I have
> X disabled, and that I don't have administrator access
> rights to update!! I got the same thing last week, before
> I found z.exe. It's gone now, but the settings that
> Vorlagen entered are still in effect (he's from Germany,
> according to some logs I found).
>
> How can I correct this?
>
> Thanks for any help.
- Next message: N. Miller: "Re: Swen - can I stop getting the e-mails?"
- Previous message: Robert Moir: "Re: FREE full anti virus software"
- In reply to: Jojo: "Golon-A, administrator profile installed"
- Next in thread: Jojo: "Re: Golon-A, administrator profile installed"
- Reply: Jojo: "Re: Golon-A, administrator profile installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
